Jump to content

Unable to remove search engine hijack / web hijack malware


Recommended Posts

Hi everyone,

 

I'm a fairly adept virus hunter and yet I have been unable to remove this pesky bit of spyware from my wife's laptop, which has Trend anti-virus and Malwarebytes Pro installed. Full scans on both do not return a match.

 

There are two main symptoms. First, Malwarebytes continually reports via a toolbar popup that it has successfully blocked access to a potentially malicious website: 89.248.172.121. This occurs every few minutes. Second, when clicking on a hyperlink from another web page, the browser is redirected to some other site. I have already fixed up some issues with the search engine, which was hijiacking searches and sending everything through to 'mysearch'.

 

I have attached the DDS.TXT and ATTACH.TXT files in case they're of use.

 

Thanks in advance for your help. I'm about ready to just nuke this machine back to the factory install but I figured I'd try this forum first.

 

 

 

 

dds.txt

attach.txt

Link to post
Share on other sites

  • 3 weeks later...

Hi wild4gadgets, and welcome to Malwarebytes.

 

when clicking on a hyperlink from another web page, the browser is redirected to some other site.

 

What browser(s) is this occurring in?

 

Please follow the directions in the order listed.

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

 

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Download the below tool
Farbar Recovery Scan Tool (64 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will create a log (FRST.txt) in the same directory the tool is run.
The first time the tool is run, it makes creates another log (Addition.txt).

Please post the contents of both, each in their own reply.

 

Please post the contents (not attach) the logs from AdwCleaner, ESET Online Scanner, and then each in their own reply (due to length) two logs  (FRST.txt and Addition.txt) from Farbar Recovery Scan Tool, answer the question about which browser the redirection is occurring in, and note any errors encountered.

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.